I have created one root certificate, intermediate CA and SSL certificate with the attributes below.
Root Certificate:
Extended Key Usage (Client Authentication, TimeStamping)
Intermediate CA:
Extended Key Usage (Server Authentication, Client Authentication, TimeStamping)
SSL Certificate:
Extended Key Usage (Server Authentication, Client Authentication, TimeStamping)
I am getting the below error in Chrome (image attached), but the same works fine in Firefox, although I have added both the root and intermediate CA to the Microsoft trust store.
I didn't include Server Authentication in the root certificate as an extended key. Is there any way to create an SSL certificate under this root? Please help.
No. If a CA certificate (root or intermediate) contains an Extended Key Usage extension then issued certificates can only have a subset of those EKUs (unless the CA's EKU has the "any usage" EKU).
Generally a root certificate won't have the EKU extension (good for all purposes), and if the intermediate is owned by the same company it frequently won't have an EKU extension, either. If the intermediate CA is an issuance partnership then the issuing CA will frequently constrain the subordinate CA.
For example, the TLS certificate for www.microsoft.com (2018-06-05), where a delegated issuing CA agreement is used:
Compare with www.wikipedia.org:
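The nesting rule from the answer above, applied to the chain in the question, as an added example that is not part of the original answer. The function names and certificate labels are hypothetical, and the EKU sets are typed in from the question rather than parsed from certificate files.

```python
# Added illustration: models the EKU nesting rule described in the answer.
# EKU sets are typed in from the question, not parsed from real certificates.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"    # id-kp-serverAuth
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"    # id-kp-clientAuth
TIME_STAMPING = "1.3.6.1.5.5.7.3.8"  # id-kp-timeStamping
ANY_EKU = "2.5.29.37.0"              # anyExtendedKeyUsage


def unrestricted(ekus):
    """No EKU extension (None) or the 'any usage' EKU places no limit."""
    return ekus is None or ANY_EKU in ekus


def effective_ekus(chain):
    """Intersect EKUs from root to leaf; None means good for all purposes."""
    allowed = None
    for _name, ekus in chain:
        if unrestricted(ekus):
            continue
        allowed = set(ekus) if allowed is None else allowed & set(ekus)
    return allowed


def first_blocker(chain, purpose):
    """Name of the first certificate (root first) that excludes purpose."""
    for name, ekus in chain:
        if not unrestricted(ekus) and purpose not in ekus:
            return name
    return None


# Chain from the question (labels are hypothetical).
ASKER_CHAIN = [
    ("root", {CLIENT_AUTH, TIME_STAMPING}),
    ("intermediate", {SERVER_AUTH, CLIENT_AUTH, TIME_STAMPING}),
    ("leaf", {SERVER_AUTH, CLIENT_AUTH, TIME_STAMPING}),
]
# Same chain with the root reissued without an EKU extension.
REISSUED_CHAIN = [("root", None)] + ASKER_CHAIN[1:]

if __name__ == "__main__":
    for label, chain in (("question", ASKER_CHAIN), ("reissued", REISSUED_CHAIN)):
        blocker = first_blocker(chain, SERVER_AUTH)
        print(label, "serverAuth:", "ok" if blocker is None else f"blocked by {blocker}")
```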